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(57) Abstract: A mobile Internet Protocol service provider system in^Iements home agent functionality in two separate devices. 
**** One device, the home registration agent, is devoted to registration of tbe mobile node and session controL The other device, the home 
^ fn«ni*lifig agent, is devoted to mnneling and routing functions for the foreign agent The home registration agent can be a general 
^ pwpose computer The home nmneling agent is pieferably implemented in a robust routing device, such as an IP switch or router. 
^ Multiple home nmneling agents or home titration agents can be implemented in the lespecdve devices as multiple instantiations 

of a home registtation agent or home tunneling agent software program. Foreign agent functionality for mobile IP networking can 
Q also be split into separate devices. In a preferred embodiment, a foreign registration agent handles session conbY>l and registration 
^ trafiSc with the home registration agent, and a foreign tunneling agent provides packet c2^ulation/decapsuiation and routing services 
!^ for the mobile node and exchanging data tza£5c with the home tunneling agent 
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MOBILE INTERNET PROTOCOL (IP) NETWORKING WITH HOME 
AGENT AND/OR FOREIGN AGENT FUNCTIONS DISTRIBUTED 
AMONG MULTIPLE DEVICES 



BACKGROUND OF THE INVENTION 

A. Field of the Invention 

This invention relates generally to systems that provide mobile Internet Protocol 
(IP) networking, wherein a mobile communications device such as a portable laptop 
computer or personal digital assistant may communicate with a host computer on an IP 
network. More particularly, the invention relates to the architecture and arrangement of 
communications devices functioning as home agents and foreign agents that are used in 
such a system. 

B. DescriptioTi of Related Art 

Public packet switched networks can be used to carry traffic to and from a mobile 
communications device, such as a laptop computer or personal digital assistant equipped 
with a cellular telephone modem. The basic architecture of mobile IP data networking is 
known in the art and described in several publications, including the Request for Comments 
document RFC 2002 (1996) and in the textbook of Charles E. Perkins, Mobile IP Design 
Principles and Practices. Addison- Wesley Wireless Communications Series (1998), both of 
which are fully incorporated by reference herein. Persons skilled in the art of mobile IP 
data networking are familiar with the contents of both of these documents and the devices 
used to implement mobile IP data networking in practice. 

Basically, and with reference to Figure 1, in Mobile IP communication, a wireless 
mobile node 10 communicates with a target host 12 on an IP network 14 by means of two 
devices, a "foreign agent" 16 and a "home agent" 18. Typically, foreign agent functionality 
is incorporated into a router or network access server chassis located on a mobile node's 
visited network 20. A radio access network linking the mobile node to the foreign agent 16 
is not sho\vn for purposes of simplicity in the present discussion. The foreign agent 16 
provides routing services for the mobile node while it is registered with the home agent 18. 
The foreign agent 16 de-tunnels and delivers datagrams to the mobile node 10 that were 
tunneled by the mobile node's home agent 18. In the present specification, the term 
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'tunneling" refers to packet re-addressing, such as performed by the home agent. 

The traffic exchanged between the foreign agent 16 and the home agent 18 includes 
control traffic 22, e.g., registration request and registration reply messages and session 
control messages, and data traffic 24. The control traffic 22 terminates at the home agent. 
5 The data traffic 24 is routed fi-om the mobile node's home network 26 to a second network 
14 for delivery to the target host. The target host could be connected to the home network 
by any arbitrary number of interaiediate IP networks, or could be on the mobile node's 
home network 26. 

The home agent 18 is typically implemented in a router on a mobile node's home 

10 network 26. The home agent maintains cuirent location infomiation for the mobile node, 
through a variety of possible mechanisms, such as described in the patent application of 
Richard J. Dynarski, et al., "Dynamic Allocation of Wireless Mobile Nodes Over an 
Internet Protocol (IP) Network", serial no. 09/233,381, which is incorporated by reference 
herein. When one or more home agents are handling calls for multiple mobile nodes 

15 simultaneously, the home agent(s) are providing, in essence, a service analogous to virtual 
private network services. Each mobile node is typically associated with a separate home 
network and the routing path fi"om that home network, through the home agent, to the 
foreign agent and mobile node is like a virtual private network for the mobile node. 

Thus, fi-om the above discussion, it can be seen that the home agent performs two 

20 separate and distinct tasks for the foreign agent and mobile node. First, the home agent 18 
must perform an authentication and registration process to determine whether the mobile 
node is authorized to access the home network 26. This may involve checking the 
identification of the mobile node (such as, through use of the mobile node's unique serial 
number or manufacturing number), password authentication, and possibly checking that the 

25 mobile node's account is current and paid in full. The home agent registration and 
authentication functions may be performed in conjunction with, or with the assistance of, a 
second device, such as an authentication, authorization and accounting server such as a 
RADIUS server. See the patent application of Yingchun Xu, Serial No. 08/887,313 filed 
July 3, 1997 for further details. 

30 Second, the home agent 18 has to tunnel data from the target host to the foreign 

agent, and provide tunneling services in the reverse direction, i.e., provide packet re- 
addressing for traffic fi-om the foreign agent to the host 12. To coordinate tunneling in the 

7 
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reverse direction, the home agent provides a forwarding "care/of address to the foreign 
agent to tell the foreign agent 16 where to tunnel traffic from the mobile node so that it can 
be sent to the host. This forwarding address is typically contained in a registration reply 
message sent to the foreign agent notifying the foreign agent that the mobile node is 

5 authenticated to communicate in the home network. In the prior art, the home agent is also 
the device that receives the tunneled traffic from the foreign agent for routing onto the home 
network, and therefore the forwarding address is the home agent's IP address. 

The foreign agent also has to perfoma two distinct tasks for the mobile node, similar 
to that of the home agent. First, the foreign agent has to handle the registration and session 

10 control aspects for the mobile node, including sending registration request messages to the 
home agent and processing a registration reply message. Second, the foreign agent has 
tunneling responsibilities for forwarding data packets to the home agent for ultimate 
distribution to the destination, and de-timneHng data from the home agent and forwarding 
the data to the mobile node. 

15 The known prior art for providing mobile IP networking services has embraced the 

concept of a single home agent, in a single chassis, for a given network. However, some 
larger scale providers of Mobile IP networking services may require multiple home agents 
on their networks in order to meet demand for mobile IP network services for a large 
distributed customer base. One possible approach to meeting the expected demand for 

20 home agent services is to provide multiple home agents, each home agent embodied in a 
separate chassis or device. Another approach is to provide a single home agent, but design 
the home agent such that it has an internal architecture to support multiple networks (e.g., 
multiple virtual private networks). This latter approach is not considered very attractive, in 
that management of the home agent would be cumbersome. Furthermore, the home agent 

25 would not be particularly fault tolerant, in that any mechanical or software problem in the 
home agent would potentially affect a large number of virtual private networks. In all the 
known prior art, the individual devices configured as home agents have implemented both 
home agent functions within the same device, i.e., registration functions and 
tunneling/routing functions as described above. Similarly the prior art has embraced the 

30 concept of performing both the registration and turmeling responsibilities for a foreign agent 
in a single device, e.g. , network access server. 
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SUMMARY OF THE INVENTION 

The present invention represents an improvement to the above approaches 
contemplated by the prior art. The present invention contemplates distributing the home 
5 agent functionahty across multiple devices, with one device devoted to handing the 
registration and authentication functions, and another device devoted to the routing and 
tunneling functions of a home agent. The present inventors have appreciated that the former 
functions, i.e., registration and authentication, are not particularly computationally 
intensive, and that a single general purpose computing device can handle a very large 

10 number of simultaneous registration and authentication transactions without any undue 
latency, management, or other problems, either alone or in concert with a RADIUS or 
Authorization, Authentication, and Accounting (AAA) server. On the other hand, the 
routing and inverse tunneling functions of a home agent are more CPU- intensive and better 
suited to more robust devices designed for such purposes, such as switches and routers. 

15 Thus, the present distributed home agent design of the present invention overcomes the 
scaling and management problems presented by prior art approaches and represents a 
simple, cost effective, and easily managed solution for providing mobile IP network 
services, particularly for large scale providers of such services. 

In another related aspect of the invention, the functionality of a single foreign agent 

20 is distributed across multiple devices. For example, the registration and session control 
functions of a foreign agent are assigned to a first device, referred to herein as a "foreign 
registration agent", such as a general purpose computer or network access server on the 
visited network. The tunneling functions of the foreign agent are assigned to one or more 
different devices, referred to herein as a "foreign tunneling agent." 

25 In a system which implements both distributed home agents and distributed foreign 

agents, the foreign registration agent would exchange registration and session control 
messages with the home registration agent. The tunneling of data traffic between the 
mobile node and the host system would occur between the home tunneling agent and the 
foreign tunneling agent. 

30 Thus, in a first aspect, the present invention is an improvement to a system that 

provides mobile Internet Protocol networking for a mobile node via a foreign agent and a 
home agent. The improvement comprises implementing the home agent in two separate 

■4 
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entities or devices. These two separate entities comprise (1) a home registration agent 
handling re v^^tration requests for the mobile node, and (2) a home tunnehng agent receiving 
traffic from Lhe mobile node via the foreign agent and redirecting the traffic to a destination 
for the traffic. 

5 In a preferred embodiment, the home registration agent generates a registration reply 

message in response to a registration request message associated with the mobile node. 
The home registration agent sends the registration reply message to the foreign agent. The 
registration reply message contains an address associated with the home tunneling agent, 
such as an IP address of the home tunneling agent, whereby the foreign agent tunnels the 

10 traffic from the mobile node to the home tunneling agent for transmission to the destination 
for the traffic. An extension to the mobile IP protocol can be used as a means for including 
the home tunneling agent's network address in the registration reply message. 

In another aspect of the invention, a mobile Internet Protocol service provider 
system provides access to a network for a mobile node and enables the mobile node to 

15 communicate with a host on the network. The system comprises a first communications 
device comprising a home registration agent responsive to a registration request message 
associated with the mobile node. The system further includes a second communications 
device, different from the first communications device, comprising a home tunneling agent 
associated with the home registration agent, the home tunneling agent receiving traffic from 

20 the mobile node and redirecting the traffic to the network. In a representative embodiment, 
the system is operated by a wireless communications service provider, and typically a 
wireless communications service provider that is serving a large number of wireless 
customers and therefore must provide for a high number of mobile nodes simultaneously. 
As noted previously, the specific communication device that is used to implement the home 

25 registration agent and the home tunneling agent is not particularly important, but will be 
selected in view of the typical processing requirements of the home tunneling agents and the 
home registration agents, in a preferred embodiment, the home tunneling agent comprises 
a router. 

In another aspect of the invention, a machine is provided for authenticating a mobile 
30 node for network access. The machine implements just the registration part of a home agent 
function, with the tunneling part of the home agent function being taken up by a separate 
device such as a router. The machine, which may be implemented as a general purpose 



5 



BNSDOCID: <WO_010e734A2J_> 



wo 01/06734 PCT/USOO/19280 

computer or other suitable device, includes a central processing unit, an interface to the 
network, and a machine readable storage medium comprising a set of instruction for 
processing registration request messages associated with the mobile node and responsively 
generating registration reply messages. The registration reply message contains a field 
5 containing a network address for a home tunneling agent. The network address of the home 
tunneling agent is different fi-om a network address assigned to the machine, because the 
home tunneling agent function is being performed in the separate device. 

In yet another aspect, a method is provided for authenticating a mobile node for 
network access. In accordance with the method, a registration request message is generated 

10 and sent fi-om a foreign agent to a home registration agent. The registration request 
message contains information used to detemiine whether said mobile node is authorized to 
access a network, such as the mobile device's unique International Mobile Subscriber 
Identity (IMSI) number and/or its Electronic Serial Number (ESN). The home registration 
agent then detemiines fi-om the information in the registration request message whether the 

15 mobile node is permitted to access the network. This step may be perforaied with the 
assistance of a authorization, authentication and accounting server, e.g., a RADIUS server. 
The home registration agent then generates a registration reply message and sends the 
registration reply message firom the home registration agent to the foreign agent. 

If the step of determining results in a positive response, i.e., that the mobile device is 

20 authenticated or registered to use the network, the home registration includes in the 
registration reply message a network address of a home tunneling agent. The home 
tunneHng agent is adapted to receive data traffic firom the mobile node and direct the traffic 
onto the network. The foreign agent forwards data traffic fi"om the mobile node to the home 
tunneling agent for transmission to the host or destination. The home registration agent and 

25 the home tunneling agent are preferably implemented in two separate commimications 
devices. Similarly, the foreign agent fimctionaHty may be split up into two separate 
devices, one fiinctioning as a foreign turmeling agent and another device functioning as a 
foreign registration agent. The foreign and home registration agents exchange the 
registration and session control messages, while the tunneling activity is handled by foreign 

30 and home tunneling agents. 

These and still other features of the invention will be more apparent from the 
following detailed description of presently preferred and alternative embodiments of the 
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invention. 

BRIEF DESCRIPTION OF THE DRAWINGS 

In the following description, reference will be made to the appended drawings, 
5 wherein like reference numbers refer to like elements in the various views, and in which: 

Figure 1 is an illustration of a prior art mobile IP networking system; 

Figure 2 is an illustration of a mobile IP networking system in accordance with a 
preferred embodiment of the invention, with the home tunneling agent and home 
registration functions being separated and performed to two separate devices; 
10 Figure 3 is an illustration of a mobile IP Protocol extension that could be used by the 

home registration agent to transmit the IP address of the home tunneling agent and thereby 
inform the foreign agent where to tunnel traffic from the mobile node destined for the target 
host; 

Figure 4 is an illustration of a mobile IP networking system in accordance with an 
15 alternative embodiment of the invention in which the foreign agent functions are separated 
into two separate devices, a foreign registration agent and a foreign tunneling agent; and 

Figure 5 is an illustration of an architecture for mobile IP networking in which the 
foreign agent functions and the home agent functions are both split up into multiple separate 
devices. 

20 
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DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENT OF THE INVENTION 

With reference to Figure 2, in accordance with a principal aspect of the invention the 
5 home agent function as provided by RFC 2002 is separated and performed by two (or more) 
separate devices. In the embodiment of Figure 2, device 18A is designated as a home 
registration agent, dedicated to registration of mobile nodes, and the other device 1 8B is 
designated as a home tunneling agent. In the simplest embodiment of the invention, the 
home agent function is split up into one home registration agent 18A and one home 

10 tunneling agent 18B. Thus, the home agmt functionality specified in RFC 2002 is broken 
up in to two basic tasks: registration of mobile nodes and tunneling/routing for the mobile 
nodes and foreign agents, with the registration function being performed by a home 
registration agent 18 A, and the tunneling and routing functions being perforaied by the 
home tunneling agent 18B. A need for more than one home tunneling agent per home 

15 registration agent may exist, depending on the size of the mobile IP customer base, the 
capacity or utilization of the router chosen to implement the home tunneling agent function, 
or other factors. 

As shown in Figure 2, control traffic 22 consisting of, among other things, 
registration request messages and registration reply messages, is exchanged between the 

20 foreign agent 16 and the home registration agent 18 A. The foreign agent 16 could be 
embodied in one device, or could be broken up into two separate devices, a foreign 
registration agent and a foreign tunneling agent, as explained below. The home registration 
agent 1 8 A does not receive or process the underlying data traffic 24 going to and from the 
foreign agent and mobile node. This data traffic is instead sent to the home tunneling agent 

25 18B, which handles all the routing and tunneling functions for the foreign agent and mobile 
node. While the situation illustrated in Figure 2 shows only one mobile node 10, it will be 
appreciated that in practice the registration and tunneling functions will be performed 
simultaneously and in parallel for many mobile nodes at once. 

The home registration agent 18A will be typically implemented as a machine such as 

30 a general purpose computer loaded with a software program having a set of instructions for 
handling registration request messages from foreign agents pursuant to RFC 2002. Such 
software programs are either known to persons skilled in the art or readily developed from 

8 
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the RFC 2002 document. The home registration agent ISA tells the foreign agent where to 
timnel data traffic 22 by sending an IP address of the home tunneling agent 18B to the 
foreign agent, as described in further detail below. 

The home tunneling agent 18B receives traffic from the mobile node via the foreign 

5 agent and redirects the traffic to a destination for the traffic, such as the host computer 1 2 on 
the network 18. Similarly, the home tunneling agent 18B tunnels traffic from the host 12 to 
the foreign agent 16 for delivery to the mobile node 10. Since the home tunneling agent 
will likely be performing home tunneling agent fimctions for a large number of mobile 
nodes simultaneously, the device that is designated to perform the home tunneling agent 

10 fimction should be the type of robust device that is designed to perform such functions. An 
IP router would be a suitable device for the home tunneling agent 1 8B. 

Ordinarily, the home registration agent 18A will serve a plurality of mobile nodes 
simultaneously, and potentially thousands of such nodes. In a large scale implementation of 
mobile IP, it is preferred that the home registration agent works in conjunction with a 

15 plurality of home tunnehng agents so that the tunneling function for all the mobile nodes 
can be distributed across more than one tunneling agent. A distributed base of home 
tunneling agents also facilitates load balancing among the tunneling agents, and provides 
some redundancy and fail-over capacity in the event that one of the home tunneling agents 
experiences hardware or software problems, or needs to be taken off line for maintenance, 

20 upgrading, repair, etc. 

Method of operation 

The distribution of home agent functions between a home registration agent in one 
device and a home tunneling agent in another device works as follows. A mobile node 10 

25 establishes a PPP connection with a foreign agent 16 over a wireless service provider 
network (not shown). The foreign agent 16 forwards a registration request message to the 
home registration agent ISA. The details of a registration request message are set forth in 
RFC 2002. The home registration agent 18A receives the registration request message and 
generates a registration reply message, indicating whether the mobile node 1 0 is allowed to 

30 access the network 26. The home registration agent may perform this authentication 
function alone, or, more preferably, with a separate AAA or RADIUS server 30, The details 
of registration of a mobile node are not considered particularly important for the present 
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invention and are known to persons skilled in the art. 

The registration reply message is then sent from the home registration agent 1 8 A to 
the foreign agent 16. The registration reply message contains an IP address assigned to a 
home tunneling agent 18B that is designated to handle the tunneling and routing functions 
5 for data traffic between the mobile node and the host 12. The foreign agent 16 tunnels data 
traffic from the mobile node to the home tunneling agent for transmission to the destination 
for the traffic, such as the host 12. Similarly, the home tunneling agent 18B tunnels data 
traffic from the host 12 to the foreign agent for transmission over the PPP connection to the 
mobile node 10. 

10 

Mobile IP Service Provider Svstem 

From the above discussion, it can be seen that we have described a mobile IP service 
provider system for providing network access for a mobile communications device. The 
system includes a first conununications device 18A, such as a general-purpose computer, 

15 comprising a home registration agent responsive to a registration request message 
associated a mobile node and generating a registration reply message. The system also 
includes a second communications device 18B, embodied in platform or device different 
from the first communications device, comprising a home tunneling agent associated with 
the home registration agent. The home tunneling agent receives traffic from the mobile 

20 node and directs the traffic to the network. The system may be operated by any suitable 
entity, for example by a wireless communications service provider. The wireless 
communications service provider may furnish all the basic elements for providing mobile IP 
services, such as the foreign agents, and the home registration and home tunneling agents. 
Or, the entity may simply provide home tuimehng and home registration agents, and work 

25 with other entities that own or manage the foreign agents. 

In a preferred embodiment, at least one of the first and second communications 
devices implementing the home registration agent and home tunneling agents, respectively, 
comprises a router. Since the functions provided by the home tunneling agent 18B are 
more directly analogous to IP routing functions performed by routers, the home tunneling 

30 agent function will nonmally be performed in a router. Other devices could be used, 
however. 

A number of different conununications devices are all suitable platforms for 
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implementation as a home registration agent. One example is a general-purpose computer. 
Another example would be an AAA or RADIUS server. Another example would be a 
router. 

In any event, the home registration agent 1 8A will typically comprise a machine 
5 having a central processing unit, an interface to a network, and a machine readable storage 
medium (such as EPROM, ROM or other type of memory device) containing a set of 
instructions for processing registration request messages associated with a mobile node and 
responsively generating registration reply messages. The details of a preferred registration 
reply message format are described in the next section. 

10 

Mobile Intemet Protocol Extension for Separate Home Tunneling Agent 

The registration reply message, in a preferred embodiment, contains a field 
containing a network address for a home tunneling agent. This may be embodied as an 

15 extension to the mobile IP protocol specified in RFC 2002. The mobile IP protocol in RFC 
2002 supports the separating of foreign agent addresses and foreign agent care of addresses. 
To support the separation of the home agent address and the home agent care-of-address 
during reverse tunneling (all data traffic that is bound for the home node is sent to the home 
tunneling agent and is tunneled by the home tunneling agent back to the mobile node via the 

20 foreign agent), a new extension as shown in Figure 3 is defined. This extension will be 
carried inside a Mobile IP Registration Reply message when the mobile node 10 has been 
successfully authenticated. In the extension of Figure 3, the four byte home agent care-of- 
address field 32 comprises the IP address of the home tunneling agent. The foreign agent 
tunnels traffic to this address as described above. 

25 If the extension of Figure 3 does not appear in the Registration Reply message, the 

foreign agent must use the home registration agent IP address as the home agent care of 
address. 

Embodiment with Multiple Home Agent Instantiations in a Single Chassis 
30 In yet another alternative embodiment of the invention, multiple home registration 

agent or home tunneling agent functions could be implemented within a single chassis. The 
multiple home registration agents are implemented as multiple instantiations or threads of a 

11 
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home registration agent software program in a general purpose computer or other suitable 
device running a Microsoft Windows NT or a similar operating system. Each instantiation 
of the software would run independently of the other software instantiations and process 
registration requests and generate registration replies independent of the other software- 

5 instantiated home registration agents. 

Similarly, multiple home tunneling agents could be implemented as multiple software 
instantiations running simultaneously in a router or switch. Thus, instead of implementing 
multiple discrete hardware devices to perform multiple home tunneling agent functions, 
multiple home tunneling agents could be provided in a single router, as separate 

10 instantiations of a home tunneling agent software program. Each instantiation or thread 
would be assigned a unique IP address so that each session for multiple mobile nodes can be 
kept separate in the single router. 

Further details on the implementation of multiple home agent functions in a single 
chassis or device are described in the parent application of the present inventors, entitied 

15 VIRTUAL HOME AGENT SERVICE USING SOFTWARE-REPLICATED HOME 
AGENTS, Serial No. 09/248,6 1 7, filed February 2 1 , 1 999. 

Distributed Foreim Agent Functions Amon g Multiple Devices 

Referring now to Figure 4, as noted above the functions of a foreign agent can be 

20 grouped into two groups that mirror the fimctions performed by the home agent: (1 ) session 
control and registi-ation functions, and (2) tunneling and packet capsulation/decapsulation. 
In the embodiment of Figure 4, the foreign agent fimctions are separated out into multiple 
devices. The session control and registration fimctions for the mobile node 10 are 
performed in one device (such as general purpose computer) identified as a foreign 

25 registration agent (FRA) 16B. The tunneling and packet capsulation/decapsulation 
fimctions are distributed among three different foreign tunneling agents (FTA), 16A, 16C 
and 16D. These devices may be implemented as network access servers of the general type 
described in the patent to Dale M. Walsh et al., US Patent 5,528,595. For any given 
mobile node, only one foreign tunneling agent will normally be involved with packet 

30 forwarding and capsulation/decapsulation fimctions, but that fiinctionality could be handed 
off to another foreign tunneling agent in tiie set in the event tiiat the mobile device moves 
out of range from the first foreign tunneling agent 16A, or in the event that die foreign 

12 



BNSOOaO: <WO_010e734A2.l_> 



wo 01/06734 



PCT/USOO/19280 



tunneling agent 16 goes offline. 

Furthermore, since the node 10 is by definition a mobile node, it may likely go out 
of range in the wireless network of the foreign tunneling agent 16 A, and be in the position 
represented by reference numeral 10'. The hand-off of tunneling duties between the FTA 

5 16A and the new FTA 16C can be effectoated without the need for re-registration of the 
mobile node via the foreign registration agent 16B, home registration agent 18 A, AAA 
server 30, etc. Instead, a new care of address assigned to the foreign tunneling agent 16C 
would be sent to the home tunneling agent 18B notifying it where to tunnel data traffic fi-om 
the host 12 to the foreign tunneling agent. 

10 Referring now to Figiu-e 5, another possible architecture is illustrated for mobile IP 

networking in which the foreign agent functions and the home agent functions are both split 
up into multiple separate devices. Specifically, the foreign agent fimction is broken down 
into one foreign registration agent 16B in one device and a plurality of foreign tunneling 
agents 16 A, 16C and 16D embodied another device, such as a router or network access 

15 server. The foreign registration agent 16B is responsible for agent discovery procedures 
and mobile node registration relay, as provided in RFC 2002. The foreign registration agent 
exchanges session control and registration messages with the home registration agent 
(HRA) ISA, as shown in the drawing. The home registration agent 18A may authenticate 
and register the mobile node alone or in conjunction with an AAA or RADIUS server. 

20 The foreign tunneling agents are managed by the foreign registration agent 16B, 

such as using a simple network management protocol (SNMP) packet or otherwise. In the 
illustration, there are 3 such foreign tunneling agents 16A, 16C and 16D. These foreign 
mnneling agents are implemented in a separate device from the foreign registration agent. 
The three foreign tunneling agents could be embodied in 3 different IP routers, or, as 

25 indicated in the drawing, as three different instantiations of a foreign tunneling agent 
software program in a single IP router. The foreign tunneling agents are responsible for IP 
packet capsulation/decapsulation and IP packet tunneling and forwarding as described in 
RFC 2002. They forward data traffic 24 to and receive data traffic 24 from the home 
tunneling agents 18B, 18C, and 18D. 

30 The distribution of foreign agent functionality across multiple devices allows for 

load balancing among foreign tunneling agents and provides some redundancy and fail-over 
capacity. The architecture of Figure 5 also has advantages in that it is readily adaptable 
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to a voice over IP system (VOIP) within the same architecture, with the distributed base of 
foreign agents corresponding to a distributed set of VOIP gateways and the home agents 
corresponding to a distributed base of VOIP gatekeepers. 

From the forgoing description, persons of skill in the art will appreciate that various 
modifications to the preferred embodiments can be made without departure from the true 
scope and spirit of the invention. This trae scope and spirit will be found be reference to the 
appended claims, interpreted in Ught of the forgoing specification. 
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1 . In a system for providing mobile Internet Protocol networking for a mobile 
node via a foreign agent and a home agent, the improvement comprising: 

5 implementing said home agent in two separate entities, said two separate entities comprising 
(1) a first communications device implementing a home registration agent handling 
registration requests for said mobile node, and (2) a second communications device 
implementing a home tunneling agent receiving data traffic from said node via the foreign 
agent and redirecting said data traffic to a destination for said data traffic. 

10 

2. The improvement of claim 1, wherein said home registration agent serves a 
plurality of mobile nodes and wherein said home registration agent is associated with a 
plurality of home tunneling agents. 

15 3. The improvement of claim 1, wherein said home registration agent generates 

a registration reply message in response to a registration request message associated with 
said mobile node and sends said registration reply message to said foreign agent, and 
wherein said registration reply message contains an address associated with said home 
txmneling agent, whereby said foreign agent may tunnel said data traffic from said mobile 

20 node to said home tunneling agent for transmission to said destination for said data traffic. 

4. A mobile Internet Protocol service provider system for providing a mobile node 
access to a network and enable said mobile node to communication with a host on said 
network, comprising: 

25 a first communications device comprising a home registration agent responsive to a 

registration request message associated said mobile node and generating a registration reply 
message; and 

a second communications device, different from said first communications device, 
comprising a home tunneling agent associated with said home registration agent, said home 
30 tunneling agent receiving data traffic from said mobile node and redirecting said data traffic 
to said network. 
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5. The system of claim 4, wherein said system is operated by a wireless 
communications service provider. 

6. The system of claim 4, wherein at least one of said first and second 
5 communications devices comprises a router. 

7. The system of claim 4, wherein said system further comprises a foreign agent 
tunneling data traffic from said mobile node to said home tunneling agent, and wherein said 
home registration agent generates said registration reply message in response to a 

10 registration request message associated with said mobile node and sends said registration 
reply message to said foreign agent, and wherein said registration reply message contains an 
address associated with said home tunneling agent, whereby said foreign agent may tunnel 
said data traffic fix>m said mobile node to said home tunneling agent for transmission to said 
network. 

15 

8. A machine for authenticating a mobile node for network access, said 
machine comprising: 

a central processing unit; 
an interface to said network; and 
20 a machine readable storage medium comprising a set of instructions for processing 

registration request messages associated with said mobile node and responsively generating 
registration reply messages; 

wherein said registration reply message contains a field containing a network 
address for a home tunneling agent, said network address being different from a network 
25 address assigned to said machine. 

9. The machine of claim 8, wherein said machine comprises a general purpose 
computer. 

30 10. The machine of claim 8, wherein said machine comprises a router. 

11. A method of authenticating a mobile node for network access, comprising 
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the steps of : 

generating a registration request message and sending said registration request from 
a foreign agent to a home registration agent, said registration request message containing 
infomiation used to deteraiine whether said mobile node is authorized to access a network; 
5 determining from said information in said registration request message whether said mobile 
node is pemiitted to access said network; 

generating a registration reply message and sending said registration reply message 
from said home registration agent to said foreign agent, 

if said step of determining results in a positive response, 
0 (a) including in said registration reply message a network address of a 

home tunneling agent, said home tunneling agent adapted to receive 
data traffic from said mobile node and direct said data traffic onto 
said network; and 

(b) tunneling said data traffic from said foreign agent to said home 
[5 tunneling agent for transmission onto said network; and 

wherein said home registration agent and said home tunneling agent are 
implemented in two separate communication devices. 

12. The improvement of claim 1, wherein said second conmiunications device 
comprises a communications device implementing at least one instantiation of a home 
tunneling agent software program. 

13. The improvement of claim 12, wherein home tunneling agent comprises a 
router implementing at least two instantiations of a home tunneling agent software program. 

14. The improvement of claim 13, wherein said home registration agent 
comprises a general purpose computer and wherein said home registration agent 
authenticates said mobile node in conjxmction with an authentication, authorization and 
accounting server. 

15. The improvement of claim 1, wherein said foreign agent comprises a foreign 
tunneling agent embodied in a first device and foreign registration agent embodied in a 
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16. The system of claim 4, wherein said home registration agent exchanges 
registration and session control traffic with a foreign registration agent and said home 

5 tunneling agent tunnels data traffic to a foreign tunneling agent, said foreign registration 
agent and said foreign tunneling agent embodied in two separate communication devices. 

17. The method of claim 11, wherein said home registration agent exchanges 
registration and session control traffic with a foreign registration agent and said home 

10 tunneling agent timnels data traffic to a foreign tunneling agent, said foreign registration 
agent and said foreign tunneling agent embodied in two separate conraiunication devices. 

18. A mobile Internet Protocol service provider system for providing a mobile 
node access to a network and enable said mobile node to communication with a host on said 

15 network, comprising: 

a first communications device comprising a foreign registration agent transmitting a 
registration request message associated said mobile node to a home agent and receiving a 
registration reply message from said home agent; and 

a second communications device, different from said first communications device, 
20 comprising a foreign tunneling agent associated with said foreign registration agent, said 
foreign tunneling agent receiving data traffic from said mobile node and directing said data 
traffic to said home agent. 

19. The system of claim 18, wherein at least one of said foreign registration 
25 agent and said foreign tunneling agent comprises a network access server. 

20. The system of claim 18, wherein at least one of said foreign registration 
agent and said foreign tunneling agent comprises a general-purpose computer. 

30 
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FIG. 3 
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